Hi all, keen to hear some other thoughts. I work for a large Charity and they support University students. They post content on IG and want to know if they can message students to engage with them, if the student ...
Discy Latest Questions
Hi all, Can one person be a DPO for a company based in the EU and the UK? I am the DPO for the EU entity however there is no counterpart in the UK side of the business and I ...
HR staff are required to undertake three yearly risk assessments in respect of existing staff that have previously needed a DBS check. The DBS Govt Guidance is specific as to what data is kept for a DBS check. The ...
What role (controller or processor) would you allocate to a vendor who the only personal data processed by them as part of the service provided to client is client’s employees data to login to their service and use it for ...
I have a letter from a doctor confirming that if we release records, it will be detrimental to the data subject’s mental health. Does anyone have example of wording used to convey this to the data subject?
Some time ago, the ICO issued an action (might have been a penalty, but could be an enforcement) in which they disregarded a data processing agreement and deemed that an organisation was acting as a controller, despite the fact the ...
Is there a difference between the EU GDPR and UK GDPR? Does EU GDPR somehow apply now in the UK?
As part of our day to day business we carry out various forms of customer servce. This may entail phone calls, emails, discretionary offerings (not via marketing but in response to long service/commitment or complaints). Would you expect processing ...
Hi I have “customers” who live all over the world. We process their data in the UK and EU. I understand that I need to comply with UK & EU GDPR but do I also need to comply with ...
We are working with an independent financial advisor who will be acting as a broker for our death in service benefits. Am I right in thinking that in this capacity they would be acting as our data processor?